THREATOPS
THREAT OPSThreat News › lightning PyPI Compromise: A Bun-Based Credential Stealer in Python

lightning PyPI Compromise: A Bun-Based Credential Stealer in Python

infosnykPublished 2026-04-30

A malicious release of the lightning PyPI package ships a credential-stealing Bun payload that runs on import. Snyk has a live advisory. Here's what's in the package, what to rotate, and how the payload pattern connects to the Mini Shai-Hulud npm campaign one day earlier.

Original source: https://snyk.io/blog/lightning-pypi-compromise-bun-based-credential-stealer/